I'm using POST over HTTPS with verify client certificate and found possible bug. According to /CHANES: >Changes with Apache 2.0.37 > > *) allow POST method over SSL when per-directory client cert > authentication is used with 'SSLOptions +OptRenegotiate' enabled > and a client cert was found in the ssl session cache. But server still write to log: >[error] SSL Re-negotiation in conjunction with POST method not supported! \nhint: try SSLOptions +OptRenegotiate Then I apply patch below feature will be worked rigth. ### BEGIN DIFF ### --- modules/ssl/ssl_engine_kernel.c Tue Jun 15 13:20:46 2004 +++ modules/ssl/ssl_engine_kernel.c.orig Tue Jun 15 13:38:17 2004 @@ -549,7 +549,7 @@ * * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !! */ - if (!renegotiate && !renegotiate_quick && (r->method_number == M_POST)) { + if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "SSL Re-negotiation in conjunction " "with POST method not supported!\n" ### END DIFF ###
I think this patch is reversed? The current logic is if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) { i.e. if a renegotiation is needed, and a quick renegotiation isn't possible, and the request is a POST request, then log the error and return a 403. Which makes sense. If a renegotiation is *not* needed, then the function does not attempt one anyway. Presuming this is a duplicate of 12355 unless there's anything subtle I'm missing. *** This bug has been marked as a duplicate of 12355 ***